FBI shutters Radar, NIST post-quantum standards, 2.7B record leaked
In today’s cybersecurity news…
FBI shutters Radar ransomware gang servers
On Monday, the Federal Bureau of Investigation (FBI) announced it has disrupted the infrastructure associated with a nascent ransomware group called Dispossessor (aka Radar). The FBI dismantled 24 servers and 8 domains in the U.S., Germany and the UK. The FBI said the group emerged as a ransomware-as-a-service (RaaS) outfit in August 2023 and used dual-extortion tactics to target as many as 43 small to mid-sized businesses globally. If a victim company failed to respond, the gang would resort to blackmailing company employees via email and phone calls.
NIST finalizes post-quantum encryption standards
On Tuesday, the National Institute of Standards and Technology (NIST) published three new encryption algorithms to bolster global cybersecurity efforts against future attacks using quantum technologies. The new standards are designed for general encryption and digital signatures. The algorithms, called FIPS 203, FIPS 204, and FIPS 205, are published to NIST’s post-quantum cryptography (PQC) project website. Head of the PQC project, Dustin Moody, urges security practitioners to immediately begin using the new algorithms to keep their data secure.
2.7 billion National Public Data records leaked
Following up on a story we have been covering on Cyber Security Headlines [1][2], a hacker named “Fenice” has dumped two CSV files totaling 277GB and containing a trove of 2.7 billion data records, including social security numbers, names, mailing addresses and other sensitive info. The data appears to have come from background-checking service National Public Data (also known as Jerico Pictures) in what is being referred to as one of the largest data breaches in history. On April 8, a cyber-criminal group named USDoD was attempting to sell the personal data belonging to people from the U.S., U.K., and Canada for $3.5 million. That data is now up for grabs on the BreachedForums dark web marketplace, though some of the leaked data appears to be incorrect or out of date. National Public Data is also facing a class action suit related to the incident.
Orion loses $60 million in BEC scam
Luxembourg-based Orion, a leading supplier of carbon black (a material used to make tires, ink, batteries, and plastics), was tricked into making several wire transfers through a Business Email Compromise (BEC) attack. According to documents filed with the Securities and Exchange Commission (SEC), a non-executive employee “was the target of a criminal scheme that resulted in multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties.” Orion expects to record “a one-time pre-tax charge of approximately $60 million” if the funds are not recovered.
Thanks to today’s episode sponsor, ThreatLocker
Azure AI health bot infected with critical vulnerabilities
Multiple privilege escalation issues in Microsoft Azure’s cloud-based Health Bot service exposed the platform to server-side request forgery (SSRF) and access to cross-tenant resources. The Azure AI Health Bot Service enables healthcare organizations to build their own virtual health assistants to interact with patients and manage administrative workloads. Depending on the nature of the integration, the chatbots could potentially have privileged access to extremely sensitive health information. Researchers at Tenable, who identified the issues, said that although Microsoft quickly patched the vulnerabilities, they highlight inherent concerns about chatbot risks.
You should probably patch that (Patch Tuesday edition)
Attackers are actively exploiting as many as six of the 90 vulnerabilities that Microsoft disclosed in its August Patch Tuesday release. Three of the issues under active exploit (CVE-2024-38106, CVE-2024-38107 and CVE-2024-38193) are OS bugs that allow an attacker to gain SYSTEM-level privileges. The other three zero-days under active exploit include a remote code execution flaw in Windows Edge (CVE-2024-38178), a flaw that allows malware to bypass the Windows “Mark of the Web” file-download security feature, and a remote code execution flaw in Microsoft Project (CVE-2024-38189).
Meanwhile, SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass (CVE-2024-41730) that could allow remote attackers to fully compromise the system.
Additionally, Ivanti has warned of a critical (9.8 CVSS score) authentication bypass flaw in its Virtual Traffic Manager (vTM) appliances (CVE-2024-7593) that can allow attackers to create rogue administrator accounts. Ivanti said it is unaware of exploitation in the wild; however, proof-of-concept exploit code is available, so customers should upgrade to the latest patched version.
And finally, Adobe issued its own swath of 72 security fixes addressing issues across Adobe Acrobat and Reader, Illustrator, Photoshop, InDesign, Adobe Commerce, and Dimension. The issues affect both Windows and macOS users and could lead to risk of code execution, memory leaks, and denial-of-service attacks.
(Krebs on Security and SecurityWeek and Security Affairs and Bleeping Computer)
Kamala Harris campaign targeted by foreign hackers
Kamala Harris’s presidential campaign confirmed it was warned by the FBI that it had been targeted by a foreign influence campaign. Three members of what was then the Biden-Harris campaign staff received spear phishing emails designed to give intruders access to wider email communications. It is unclear whether the phishing attempts were successful; however, Harris’s campaign said Tuesday, “We have robust cybersecurity measures in place, and are not aware of any security breaches of our systems resulting from those efforts.”
Six ransomware gangs behind over 50% of 2024 attacks
Researchers at Palo Alto Networks’ Unit 42 performed an analysis of over 1,700 announcements from ransomware gangs in the first half of 2024. The top six most prolific ransomware gangs so far this year account for half of total infections. LockBit 3.0 holds the dubious first-place honor so far, posting 325 victims on its leak site. The Play gang came in second, claiming 155 victims. 8base, Akira, BlackBasta and Medusa rounded out the top six ransomware gangs, with each claiming over 100 victims. The researchers said, “Even with law enforcement’s best efforts to dismantle and stamp out the most prolific ransomware threat actors, plenty of highly skilled and motivated groups are waiting, willing to step in and fill the void.”